Secure embedded timeline
One of the features we miss most is the embedded "read-only" timeline view. In working with systems where we had no ability to add HubSpot activities into their system, or when working with systems where the client wants to see latest page views, etc. in the embedded form, this gadget was extremely helpful. Many sales teams do not want another username/password to another system; the read-only view was the perfect solution for that problem.
My understanding is that it was removed for lack of security - fair point as it was set up.
Perhaps it could be brought back and secured by passing the information through the API along with a signature (much like how webhooks authentication works now with signatures). This signature could be required to be appended to the iframe URL, have a 5 minute timeout, and the remaining information could be passed through the API. This would mean one call for the data instead of trying to recreate it on our own through many different calls on the fly.
Thanks for hearing us out!